Apple’s Thumbscan and Your Security

If Apple allows you to add the thumbscan to the access requirement in conjunction with a passphrase then this is moot and I would say go for it. Yes, there’s no doubt that your biometric data may be compromised. If you can live with that possibility then let’s look at another potential problem. If you use an iOS device when it is locked the contents are encrypted to your passphrase (unlock code). If you don’t unlock it any contents downloaded will be encrypted. Currently law enforcement agencies with a warrant can go to Apple and get the contents decrypted. This in itself means the phone is insecure but barring Apple doing it there’s no way for an average criminal or other organization to gain access to your phones data without your passphrase.

Now, if you tell someone your passphrase whether that be a police officer or other government organization conducting an unconstitutional search or some other person then any misuse is your own fault. Barring torture, if you do not tell them then they will not gain access. Now insert the thumbscan access procedure. Police are already forcibly taking blood and DNA. What is to stop them or anyone else from forcibly unlocking your phone with your thumb?

Now, let me be clear my concern is not an officer with a warrant or valid probable cause, it’s a warrantless search or a criminal. Yes, If your not doing anything wrong why should YOU care? If your not doing anything wrong why do THEY care?

So I say, don’t ever hand your cell phone to someone you don’t explicitly trust. …and if your auto insurance company offers you the option of having your insurance card on your phone and you hand that unlocked phone to an officer don’t be surprised if he takes the phone back to his cruiser to download the contents. If this happens to you don’t use your phone until you completely wipe and restore the contents from your backup. You may be carrying out spyware that allows access to the data at anytime.

If Apple offers dual authentication then great otherwise don’t rely on the thumbscan.

Leave a Reply